captainVersion: 4
services:
    $$cap_appname:
        caproverExtra:
            containerHttpPort: $$cap_OPENVPN_PORT_ADMIN
        image: linuxserver/openvpn-as:$$cap_OPENVPN_VERSION
        hostname: $$cap_appname.$$cap_root_domain
        environment:
            PUID: $$cap_OPENVPN_PUID
            PGID: $$cap_OPENVPN_GUID
            TZ: $$cap_OPENVPN_TZ
            INTERFACE: $$cap_OPENVPN_INTERFACE
        volumes:
            - $$cap_appname:/config
        ports:
            - $$cap_OPENVPN_PORT_TCP:$$cap_OPENVPN_PORT_TCP
            - $$cap_OPENVPN_PORT_UDP:$$cap_OPENVPN_PORT_UDP
        cap_add:
            - NET_ADMIN

caproverOneClickApp:
    displayName: OpenVPN Access Server
    isOfficial: false
    description: Full featured secure network tunneling VPN software.
    documentation: https://openvpn.net/index.php/access-server/overview.html
    instructions:
        start: |-
            OpenVPN is a full featured, open-source VPN solution that accommodates a wide range of configurations.

            **Important notes:**
            - The provider of this image (LinuxServer) has decided to **deprecate** it in favor of WireGuard
            - If you are using CapRover version `1.10.1` or older, you will need to **override CapRover's configuration** to use the newer Docker API version `1.4.1` (this can be done manually or by running `echo "{\"dockerApiVersion\":\"v1.41\"}" > /captain/data/config-override.json`)
            - You need **access via SSH** to your server after deployment to modify a file (only once)
            - You may need to **open the ports** `1194` and `9443` on your firewall
        end: |-
            OpenVPN has been deployed **successfully**!

            Before you can start using it, you need to perform some steps.
            You only need to do this once.
            **Please screenshot/copy the following instructions before proceeding:**

            1. Go to the **HTTP Settings** of your deployment `$$cap_appname` here in CapRover
            2. **Enable HTTPS**
            3. **Edit Default Nginx Configurations** and search for the line `set $upstream http://<%-s.localDomain%>:<%-s.containerHttpPort%>;` and replace `http://` with `https://`
            4. Go to **App Configs** and paste the following snippet into **Service Update Override**: `{ "TaskTemplate": { "ContainerSpec": { "CapabilityAdd": ["CAP_NET_ADMIN"], "Hostname": "$$cap_appname.$$cap_root_domain" } } }`
            5. **Save & Update** and wait a minute
            6. Go to https://$$cap_appname.$$cap_root_domain/admin and log in using user `admin` and password `password`
            7. Navigate to **Configuration** > **Network Settings** and replace the value in **Hostname Or IP Address** with `$$cap_appname.$$cap_root_domain` and update the server (if you get an error just refresh the page, log back in to the admin page (`/admin`) and proceed with the next step)
            8. Navigate to **User Management** > **User Permissions** and add **New Username**, set a password, make it an admin and **Save Settings**.
            9. Log out and log in as the new user
            10. Navigate to **User Management** > **User Permissions** and delete the `admin` account
            11. Access via SSH to your server and execute `docker exec -it $(docker ps --filter name=srv-captain--$$cap_appname -q) sed -i '/boot_pam_users.0=admin/c\boot_pam_users.0=abcnonexistentuserxyz' /config/etc/as.conf` to block the `admin` account and prevent its creation during container restart

            Enjoy your private VPN!
    variables:
        - id: $$cap_OPENVPN_VERSION
          label: General | Version Tag
          description: Check out their valid tags at https://hub.docker.com/r/linuxserver/openvpn-as/tags
          defaultValue: 2.9.0-5c5bd120-Ubuntu18-ls124
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_TZ
          label: General | Timezone
          description: Timezone for the application, find yours at https://en.wikipedia.org/wiki/List_of_tz_database_time_zones
          defaultValue: UTC
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_PUID
          label: General | User ID
          description: User ID that the process uses, run `id $user` on your instance to see the ID.
          defaultValue: 1000
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_GUID
          label: General | Group ID
          description: Group ID that the process uses, run `id $user` on your instance to see the ID.
          defaultValue: 1000
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_PORT_ADMIN
          label: Networking | Admin GUI Port
          description: Port of the administration interface. Should not be changed.
          defaultValue: 943
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_PORT_TCP
          label: Networking | TCP Port
          description: Port of the TCP connections. Should not be changed.
          defaultValue: 9443
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_PORT_UDP
          label: Networking | UDP Port
          description: Port of the UDP connections. Should not be changed.
          defaultValue: 1194
          validRegex: /.{1,}/
        - id: $$cap_OPENVPN_INTERFACE
          label: Networking | Interface
          description: >-
              With bridge networking, leave it blank (or enter `eth0`).
              If `host` or `macvlan`, set it to your host's network interface, found by running `ifconfig`.